[skia] Add GPU fuzzer that doesn't actually talk to the GPU (api_null_gl_canvas) (#1281)

* Initial commit after submitting harness to skia repo. * merge patch * Remove trailing newline. * Rename fuzzer to api_null_gl_canvas. * Finish renaming * Add comment explaining patchelf in build.sh
2018-03-30 10:12:50 -07:00 · 2018-03-30 10:12:50 -07:00 · 8a06f71b36
parent 5f50a7c39b
commit 8a06f71b36
4 changed files with 89 additions and 2 deletions
--- a/projects/skia/BUILD.gn.diff
+++ b/projects/skia/BUILD.gn.diff
@ -170,6 +170,32 @@ test_app("api_raster_n32_canvas") {
  ]
 }

+test_app("api_null_gl_canvas") {
+  include_dirs = [
+    "tools",
+    "tools/debugger",
+  ]
+  sources = [
+    "fuzz/FuzzCanvas.cpp",
+    "fuzz/FuzzCommon.cpp",
+    "fuzz/oss_fuzz/FuzzNullGLCanvas.cpp",
+    "tools/UrlDataManager.cpp",
+    "tools/debugger/SkDebugCanvas.cpp",
+    "tools/debugger/SkDrawCommand.cpp",
+    "tools/debugger/SkJsonWriteBuffer.cpp",
+    "tools/debugger/SkObjectParser.cpp",
+    "tools/picture_utils.cpp",
+    "tools/LsanSuppressions.cpp"
+  ]
+  deps = [
+    ":flags",
+    ":gpu_tool_utils",
+    ":skia",
+    "//third_party/jsoncpp",
+    "//third_party/libpng",
+  ]
+}
+
 test_app("api_null_canvas") {
  include_dirs = [
    "tools",
@ -230,3 +256,4 @@ test_app("webp_encoder") {
    ":skia",
  ]
 }
+
--- a/projects/skia/Dockerfile
+++ b/projects/skia/Dockerfile
@ -17,7 +17,7 @@
 FROM gcr.io/oss-fuzz-base/base-builder
 MAINTAINER kjlubick@chromium.org

-RUN apt-get update && apt-get install -y python wget
+RUN apt-get update && apt-get install -y python wget libglu1-mesa-dev patchelf

 RUN git clone 'https://chromium.googlesource.com/chromium/tools/depot_tools.git'
 ENV PATH="${SRC}/depot_tools:${PATH}"
--- a/projects/skia/build.sh
+++ b/projects/skia/build.sh
@ -43,6 +43,17 @@ $SRC/depot_tools/gn gen out/Fuzz\
    skia_enable_gpu=false
    extra_ldflags=["-lFuzzingEngine", "'"$CXXFLAGS_ARR"'"]'

+$SRC/depot_tools/gn gen out/GPU\
+    --args='cc="'$CC'"
+    cxx="'$CXX'"
+    is_debug=false
+    extra_cflags=["'"$CXXFLAGS_ARR"'","-DIS_FUZZING","-DIS_FUZZING_WITH_LIBFUZZER",
+        "-Wno-zero-as-null-pointer-constant", "-Wno-unused-template", "-Wno-cast-qual"]
+    skia_use_system_freetype2=false
+    skia_use_fontconfig=false
+    skia_enable_gpu=true
+    extra_ldflags=["-lFuzzingEngine", "'"$CXXFLAGS_ARR"'"]'
+
 $SRC/depot_tools/ninja -C out/Fuzz_mem_constraints image_filter_deserialize \
                                                   textblob_deserialize api_raster_n32_canvas

@ -52,6 +63,8 @@ $SRC/depot_tools/ninja -C out/Fuzz region_deserialize region_set_path \
                                   api_path_measure api_null_canvas png_encoder \
                                   jpeg_encoder webp_encoder

+$SRC/depot_tools/ninja -C out/GPU api_null_gl_canvas
+
 cp out/Fuzz/region_deserialize $OUT/region_deserialize
 cp ./region_deserialize.options $OUT/region_deserialize.options

@ -114,6 +127,13 @@ cp out/Fuzz/api_null_canvas $OUT/api_null_canvas
 cp ./api_null_canvas.options $OUT/api_null_canvas.options
 cp ./canvas_seed_corpus.zip $OUT/api_null_canvas_seed_corpus.zip

+# Remove unnecessary dependencies that aren't on runner containers.
+# Libraries found through trial and error (ldd command also helpful).
+patchelf --remove-needed libGLU.so.1 out/GPU/api_null_gl_canvas
+patchelf --remove-needed libGL.so.1 out/GPU/api_null_gl_canvas
+patchelf --remove-needed libX11.so.6 out/GPU/api_null_gl_canvas
+cp out/GPU/api_null_gl_canvas $OUT/api_null_gl_canvas
+
 cp out/Fuzz/png_encoder $OUT/png_encoder
 cp ./encoder.options $OUT/png_encoder.options
 cp ./encoder_seed_corpus.zip $OUT/png_encoder_seed_corpus.zip
@ -124,4 +144,5 @@ cp ./encoder_seed_corpus.zip $OUT/jpeg_encoder_seed_corpus.zip

 cp out/Fuzz/webp_encoder $OUT/webp_encoder
 cp ./encoder.options $OUT/webp_encoder.options
-cp ./encoder_seed_corpus.zip $OUT/webp_encoder_seed_corpus.zip
+cp ./encoder_seed_corpus.zip $OUT/webp_encoder_seed_corpus.zip
+
--- a/projects/skia/skia.diff
+++ b/projects/skia/skia.diff
@ -360,6 +360,45 @@ index 48954a8938..5a4f354a21 100644
     Builder builder;
     for (int i = 0; i < count; i++) {
         LayerInfo info;
+diff --git a/src/gpu/GrPathUtils.cpp b/src/gpu/GrPathUtils.cpp
+index 74a53e9e09..872b28ced6 100644
+--- a/src/gpu/GrPathUtils.cpp
+++ b/src/gpu/GrPathUtils.cpp
+@@ -394,7 +394,11 @@ void convert_noninflect_cubic_to_quads(const SkPoint p[4],
+                                        SkPathPriv::FirstDirection dir,
+                                        SkTArray<SkPoint, true>* quads,
+                                        int sublevel = 0) {
+-
+    #if defined(IS_FUZZING)
+        if (sublevel >= 7) {
+            return;
+        }
+    #endif
+     // Notation: Point a is always p[0]. Point b is p[1] unless p[1] == p[0], in which case it is
+     // p[2]. Point d is always p[3]. Point c is p[2] unless p[2] == p[3], in which case it is p[1].
+ 
+diff --git a/src/ports/SkDebug_stdio.cpp b/src/ports/SkDebug_stdio.cpp
+index ec4e3fec77..e2c1a48521 100644
+--- a/src/ports/SkDebug_stdio.cpp
+++ b/src/ports/SkDebug_stdio.cpp
+@@ -12,9 +12,13 @@
+ #include <stdio.h>
+ 
+ void SkDebugf(const char format[], ...) {
+-    va_list args;
+-    va_start(args, format);
+-    vfprintf(stderr, format, args);
+-    va_end(args);
+    #if !defined(IS_FUZZING)
+        va_list args;
+        va_start(args, format);
+        vfprintf(stderr, format, args);
+        va_end(args);
+    #else
+        (void) format;
+    #endif
+ }
+ #endif//!defined(SK_BUILD_FOR_WIN) && !defined(SK_BUILD_FOR_ANDROID)
 diff --git a/src/utils/SkOffsetPolygon.cpp b/src/utils/SkOffsetPolygon.cpp
 index c8ebbeb7af..bf0912cd61 100755
 --- a/src/utils/SkOffsetPolygon.cpp